Security
Before we even start talking about potential vulnerabilities, we need to recognize that there are two extremes when it comes to micro frontends:
- Centrally provided cross-cutting concerns including user management
- Full isolation where each module is responsible for its own user management
Both extremes come with their own advantages and disadvantages. As already seen, finding the right balance is key for a successful implementation. There is no silver bullet – a lot depends on the boundary conditions set by the project.
By far the biggest security challenge is the execution of potentially untrusted code. Since code is no longer centrally created and maintained, the likelihood of unwanted snippets entering the system increases drastically. Consequently, further boundaries and processes are required to avoid vulnerabilities.
Let's dissect the two options for user management, as well as the challenge...